Peter Suciu | Clearancejobs.com
Even before most Americans were “online,” the world’s cyber infrastructure was hit by an attack of sorts in 1988. The “Morris Worm,” as it has come to be known, wasn’t actually meant as an attack. It began when Robert Tappan Morris distributed a “computer worm” on the Internet while he was a graduate student at Cornell University.
Morris said he created the worm to see if it could be done and to determine how large the nascent Internet was – but it also exploited a number of vulnerabilities that allowed it to gain access to targeted systems, both through holes in various programs and via weak passwords. Morris didn’t intend for the worm to be actively destructive, yet it spread more easily than originally planned. Morris, who was the son of Robert Morris, a cryptographer employed at the NSA, ended up being the first person indicted under the Computer Fraud and Abuse Act. He was sentenced to three years of probation and 400 hours of community service.
In the years that have followed, cyber attacks have increased in frequency and severity. In just the past several weeks, the nation has been hit by attacks that impacted gasoline supplies after the Colonial Pipeline fell victim to a ransomware attack, while a few weeks later the nation’s supply chain was impacted after its largest meat packer was targeted in a similar attack.
In June 2007, the United States Secretary of Defense’s unclassified email account was hacked by foreign operatives as part of a larger series of attacks. It likely wasn’t the first such brazen attack of a government official’s online accounts, and just a year later, the databases of both Republican and Democratic presidential campaigns were hacked and downloaded by unknown foreign intruders.
“Attacks on US government agencies occur on a regular basis, both for the purpose of obtaining information on citizens and to disrupt official government activities,” warned Saryu Nayyar, CEO at cyber research firm Gurucul.
“All levels of government have historically faced computer threats for some time now,” added Brian Gant, assistant professor of cybersecurity at Maryville University.
“The most interesting thing about this cyber threat in my opinion is how psychological it can become,” Gant, who previously worked with an intelligence analyst at the FBI, told ClearanceJobs. “We certainly have instances of overseas groups scanning our networks for openings, or trying to impose their will on us politically to cause disruption within government. However the threat of crippling the government sector, whether it be ransomware or a damaging virus, is just as real psychologically. Promoting the ‘distrust’ of our government with personal information or utilization of services keeps us stagnant and subsequently causes harm as well.”
POWER AND DANGER
Cyber attacks have increased as our reliance on computers has increased, and the weaknesses have increased because of a reliance on legacy systems and what could best be described as cobbled-together networks. Replacing those older systems and hardening the defenses has been a goal, but there is still a long way to go.
“Even before computers, our government had strong interest in CIA: confidentiality, integrity and availability of information, which is to say we want confidence that others cannot access our secrets, garble records to spoof us, or block us from using our own information,” explained Jim Purtilo, associate professor of computer science at the University of Maryland.
“Assuring these properties became more challenging when computers became more prevalent. The number of machines, their locations and the complex networks connecting them offered substantially more value but at the same time increased the attack surfaces. Power and danger go hand in hand,” Purtilo told ClearanceJobs.
The biggest computer threats to government have been from the government’s bureaucracy itself, as some officials took big risks to streamline their respective agencies’ services.
“Technology evangelists refer to these officials as ‘early adopters,’ while others following them had the value of learning from those pioneers,” added Purtilo.
“In many cases government systems, networks and databases have been known to be less protected than similar environments in the commercial world, or protected with older technologies,” Nayyar explained to ClearanceJobs. “And, of course, increasingly we are seeing ransomware attacks on government systems, forcing the payment of ransoms to unlock data so that business can continue to function.”
SNOWDEN AND OPM BREACH
The seriousness of cyber attacks wasn’t fully understood until 2013, when Edward Snowden, a former employee and subcontractor for the Central Intelligence Agency (CIA), leaked highly classified information from the NSA, revealing many global surveillance programs run by the NSA as well as the Five Eyes Intelligence Alliance.
Just two years after Snowden’s leak of sensitive data, the United States Office of Personnel Management (OPM) announced it had been the target of a data breach that impacted approximately 22.1 million records. It remains one of the largest breaches of government data in U.S. history.
Since then the situation has gotten even worse.
“There is a long history of cyber attacks against the U.S. government, probably most notable being Edward Snowden in 2013 and the more recent SolarWinds attack,” said Ron Bradley, vice president of risk assessment firm Shared Assessments.
“It’s interesting to compare and contrast the two as they are so different from each other, but resulted in significant damage to the United States,” Bradley told ClearanceJobs. “One could probably argue the SolarWinds breach was an eventual result of ‘the Snowden effect’ due to the far reaching impact of the government programs he revealed.”
Both examples highlight the common denominator in most breaches, the human element.
“Organizations must stay diligent in their efforts to protect their assets by taking all reasonable efforts to defeat intentional and unintentional human influenced vulnerabilities,” added Bradley. “The most common method being security and awareness training – particularly in the area of phishing – layered with data loss prevention, and incident response makes for a good starting point.”
THE POLITICAL SITUATION: CYBER COLD WAR
Many of the recent attacks made against U.S. interests have come from criminal enterprises in Russia, and cyber is often an easier way for the underworld syndicates to make money, as they can operate far from U.S. law enforcement. Distance may not be enough to protect them in the long term, as this could spark an international incident.
“President Biden recently requested to President Putin that Russia and its proxies cease conducting attacks on 16 U.S. critical infrastructure sectors,” explained Chloé Messdaghi, cybersecurity disruption consultant and researcher.
However, the United States has also employed cyber against potential adversaries, a fact noted by the Russian Federation’s leader.
“President Putin reiterated to President Biden that the U.S. is also conducting the same types of cyber break-ins that Biden and many experts accuse Russia of,” Messdaghi told ClearanceJobs.
“This meeting has brought a different perspective to the American public’s awareness. We’re seeing emerge a new version of the cold war: the cyber war,” she added. “It’s up to both nations to take responsibility for actions that occur within their countries, to the best of their abilities. Biden said that Russia needs to step in and stop these malicious groups from interfering in elections and halting critical services, and Putin is emphasizing that the U.S. also needs to take responsibility: it’s a ‘back at you’ exchange.”
“In many cases, attacks on government systems at all levels have a greater impact than on commercial systems, because of the potential for these systems to reduce trust in our institutions. Government agencies have to ensure that they have early warning systems in place to detect unusual activity and to immediately investigate and address any suspicious downloads or attempts to lock out legitimate users. Especially today we need to make sure that we can trust our institutions to protect our data and interests.”
The situation has become so serious that cyber warriors could be as crucial to protecting the nation as the pilots over the skies, the sailors on the waters, and the soldiers and Marines on the ground.
“What’s next is the vigilance of our government, particularly Cybersecurity Infrastructure Agency (CISA) protecting our homeland by working with all industries both private and public,” said Gant.
He added, “Every federal agency has a cyber division typically, but it is the job of CISA to coordinate all these efforts to protect us domestically. The constant attacks will never go away, but the amount of threat intelligence and preventive work from our government is essential to preventing a crippling attack here at home.”
However, the technology to defend against an attack will continue to lag behind the technology to launch one, while legacy hardware also remains a serious issue.
“Threats unfolding right now have the potential to become game changers if we don’t cut through the bureaucracy,” warned University of Maryland’s Purtilo.
“Quantum computing is maturing more slowly than proponents claim, but it will be here soon enough, and that won’t be the moment to first wonder what we might do with it; our competitors will already be using it against us,” he noted. “Our tech supply chains are stretched thin, and the time to wonder about sustaining them is not when manufacturers must curtail production of automobiles, phones and appliances for want of rare earth metals, quality software or simple computer chips. Even our talent supply chain is in distress, as many schools seem to be refactoring around critical race theory instead of critical thinking skills. Bureaucracy is not responding to these threats well at all.”